Staff Endpoint Engineer (Client Platform Engineering) – Affim
Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest. Our IT Engineering teams build and operate the tools, systems, and services that power the employee‑facing IT experience. We’re a creative, craft‑minded team focused on building and maintaining services that are speedy, simple, and secure so our global, remote‑first workforce can be productive from day one.
About the Role
Client Platform Engineering builds and maintains the hardware and software at the heart of our employee‑facing operations. As a member of this team you’ll own the endpoint platform and deliver scalable, secure solutions—including zero‑touch provisioning, package and patch management, and silent updates—while partnering with cross‑functional teams such as Security, Engineering, Product, and Support.
What You'll Do
- Administer and scale macOS device management using Jamf Pro, ensuring endpoints meet company compliance standards (encryption, OS patching, configuration profiles, application management).
- Guide architectural decisions to ensure endpoint management can easily scale with the company.
- Drive key technical initiatives such as permission automation, third‑party patching, silent updates, stability improvements, and streamlined device deployment.
- Build automation and infrastructure‑as‑code pipelines using Terraform (or similar), Bash/Python scripting, and Jamf/Okta/MDM APIs to create zero‑touch provisioning workflows.
- Manage enterprise‑grade software and package deployment, using tools like AutoPkgr for silent rollout of updates at scale.
- Implement and refine endpoint change control processes, with communication, testing, rollback plans, and compliance tracking. Create dashboards and reporting for visibility into compliance, patch levels, and device health.
- Collaborate closely with Security, Support, Engineering, and IT to enforce policies (least privilege), onboard security agents (AV, EDR, disk encryption), and integrate devices with Okta SSO, Oomnitza, Google Workspace, and other monitoring tools.
- Serve as the escalation tier for complex endpoint issues—troubleshoot deep macOS, hardware, networking, or software issues and act as a knowledge source for IT Support.
- Mentor junior engineers—share expertise, set best practices, and help elevate the team’s Jamf, scripting, and automation capabilities.
- Explore and evaluate new endpoint‑management and automation technologies, run POCs, and recommend adoption to improve platform efficiency, security, and user experience.
- Work directly with Developer Productivity to support the unique needs of our engineers.
What We Look For
- 5+ years of hands‑on experience managing macOS (and ideally other endpoints) at scale with enterprise MDM tools—Jamf Pro expertise required (Jamf 300+ level).
- Strong scripting capabilities in Bash, with fluency in Python; ability to programmatically integrate with RESTful APIs (Jamf API, Okta API, etc.).
- Proven proficiency in automation / infrastructure‑as‑code tools such as Terraform, Ansible, or similar in an IT context.
- Experience with Windows Intune and Windows Endpoint Management.
- Deep understanding of enterprise security practices for endpoints—vulnerability/patch management, enforcing least privilege, encryption, compliance frameworks.
- Experience building and managing package/software distribution pipelines (AutoPkg, Jamf, etc.).
- Exceptional troubleshooting skills and ability to debug complex endpoint issues; capable of representing the IT team in high‑severity escalations.
- Excellent cross‑functional communication skills with a collaborative mindset.
- A positive, growth‑oriented attitude with strong written communication—for documentation, runbooks, dashboards, and process guides.
- Prior experience serving as a technical mentor or functional lead in a high‑growth or enterprise environment is strongly preferred.
- This position requires either equivalent practical experience or a Bachelor’s degree in a related field.
Pay and Equity
Pay Grade: M
Equity Grade: 7
Base pay is part of a total compensation package that may include equity rewards, monthly stipends for health, wellness and tech spending, and benefits (including 100% subsidized medical coverage, dental and vision for you and your dependents).
USA base pay range (CA, WA, NY, NJ, CT) per year: $180,000 - $230,000
USA base pay range (all other U.S. states) per year: $160,000 - $210,000
Please note that visa sponsorship is not available for this position.
Benefits
- Health care coverage – company pays all premiums for all levels of coverage for you and your dependents.
- Flexible Spending Wallets – generous stipends for technology, food, lifestyle needs, and family‑forming expenses.
- Time off – competitive vacation and holiday schedules.
- ESPP – employee stock purchase plan enabling you to buy shares at a discount.
Other Information
Affirm is a remote‑first company. The majority of roles are remote, and you can work from almost anywhere within the country of employment. Occasional on‑site work may be required depending on job responsibilities.
We believe It’s On Us to provide an inclusive interview experience for all, including people with disabilities. We are happy to provide reasonable accommodations to candidates in need of individualized support during the hiring process.
By clicking “Submit Application,” you acknowledge that you have read Affim’s Global Candidate Privacy Notice and hereby give informed consent to the collection, processing, use, and storage of your personal information as described therein.
Seniority & Employment
Seniority level: Mid‑Senior level
Employment type: Full‑time
Job function: Engineering and Information Technology